raggi / openssl-osx-ca

Simple periodic task to sync OSX Keychain certs to Homebrew installed OpenSSL & LibreSSL

Export certificates into /usr/local/etc/openssl/certs #19

Open johnbellone opened 6 years ago

johnbellone commented 6 years ago

I was wondering if you would be opposed to accepting a patch that would export root certificates from the keychains to the certs directory. This is needed for tools such as Vagrant to inject them into guest virtual machines.

raggi commented 6 years ago

Vagrant can consume a cert.pem. Can you explain more why you want this form?

johnbellone commented 6 years ago

@raggi Absolutely!

The vagrant-ca-certificates plugin takes individual certificates and injects them into a running guest instance. It then uses the guest operating system mechanism to build the proper certificate bundle. So, for example, if we have an internal root certificate, we only want to inject that instead of the whole bundle.

Right now, the way that I achieve that is to manually drop them into /usr/local/openssl/certs and have the above plugin copy them into the guest. What I'd like to do is potentially have each root/sub be a separate file in /certs so that I don't need to manually copy them over.

If there's a better way to do this I am open. The downside here is that the whole keychain would be exported into that directory versus only the certificates that I want to add to the default bundle.

raggi commented 5 years ago

I'm in support of this being done, not sure if I'll get around to it soon. Should be an easy task for someone to try :)
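
One way to get the per-certificate layout requested in this issue from a bundle like the cert.pem mentioned above, as an added example that is not part of the thread or of openssl-osx-ca. The function names `split_pem_bundle` and `write_sample_bundle`, the `cert-NNN.pem` file naming and the sample bundle are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not openssl-osx-ca code. Function names, the cert-NNN.pem
# naming and the sample data are assumptions made for illustration.

# split_pem_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert-NNN.pem for each complete certificate block in BUNDLE
# and prints how many were written. Text outside the BEGIN/END markers and
# a truncated final block are dropped rather than copied.
split_pem_bundle() {
  mkdir -p "$2" || return 1
  awk -v dir="$2" '
    { sub(/\r$/, "") }                                  # tolerate CRLF input
    /^-----BEGIN CERTIFICATE-----$/ { inside = 1; buf = "" }
    inside { buf = buf $0 "\n" }
    /^-----END CERTIFICATE-----$/ && inside {
      file = sprintf("%s/cert-%03d.pem", dir, ++n)
      printf "%s", buf > file
      close(file)
      inside = 0
    }
    END { print n + 0 }
  ' "$1"
}

# write_sample_bundle FILE
# Constructed bundle: two complete blocks with placeholder bodies (not real
# certificates), comment lines between them, and one truncated block.
write_sample_bundle() {
  printf '%s\n' \
    '# Internal Root CA (constructed)' \
    '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQtMQ==' \
    '-----END CERTIFICATE-----' \
    '' \
    '# Internal Issuing CA (constructed)' \
    '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQtMg==' \
    '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' \
    'dHJ1bmNhdGVk' > "$1"
}

# Demo on the constructed bundle, written under a fresh temporary directory.
demo_dir=$(mktemp -d)
write_sample_bundle "$demo_dir/cert.pem"
split_pem_bundle "$demo_dir/cert.pem" "$demo_dir/certs"
```

This writes every certificate in the bundle, so it has the downside raised in the thread: selecting only the internal roots still has to happen before or after the split.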